Vulnerability Name: | CVE-2004-0552 (CCN-17468) | ||||||||
Assigned: | 2004-09-22 | ||||||||
Published: | 2004-09-22 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed. | ||||||||
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Bypass Security | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-0552 Source: IDEFENSE Type: UNKNOWN 20040922 Sophos Small Business Suite Reserved Device Name Handling Vulnerability Source: CCN Type: iDEFENSE Security Advisory 09.22.04 Sophos Small Business Suite Reserved Device Name Handling Vulnerability Source: CCN Type: OSVDB ID: 10225 Sophos Anti-Virus Reserved DOS Name Scan Failure Source: CCN Type: BID-11236 Sophos Anti-Virus Reserved MS-DOS Name Scan Evasion Vulnerability Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.seifried.org/security/advisories/kssa-005.html Source: XF Type: UNKNOWN sophos-business-security-bypass(17468) Source: XF Type: UNKNOWN sophos-business-security-bypass(17468) | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |